does pyopenssl support tls1.2 when built with openssl-1.0.1c

Asked by dipti on 2013-06-27

does pyopenssl support tls1.2 when built with openssl-1.0.1c
I need a python interface with openssl1.0.1c for a python client using tls1.2 method.
It it possible? .. if its not yet supported , how I enhance it?

Question information

Language:
English Edit question
Status:
Answered
For:
pyOpenSSL Edit question
Assignee:
No assignee Edit question
Last query:
2013-06-27
Last reply:
2013-06-27
Thom Nichols (tmnichols) said : #1

I was wondering the same thing, I need TLS 1.2 and so far it looks like it's only supported in (unreleased) Python 3.4, never going to be backported to 2.x. Need a TLS 1.2 socket.

dipti (diptiburli21) said : #2

Am using python 2.6 , so tls1.2 support cannot be ported to 2.6 is it?

Thom Nichols (tmnichols) said : #3

Sorry, the *core* ssl module in the Python 2.x stdlib will never support TLS 1.2, but my question (and I think yours as well) is whether PyOpenSSL will support TLS 1.2 (and presumably be used with Python 2.x as an alternative to the built-in ssl module.)

Jean-Paul Calderone (exarkun) said : #4

I'm happy to integrate a patch that adds TLS 1.2 support to PyOpenSSL. I have limited time for development on PyOpenSSL though, and at the moment all of my efforts are going towards the CFFI port. If you'd like to contribute TLS 1.2 support, I think that'd be great. Please open a bug, link a branch, and create a merge proposal when you have something ready for review (please be sure to include full test coverage and some documentation).

I don't actually know what the OpenSSL API for enabling TLS 1.2 is. Since Python stdlib ssl apparently has enabled this feature, I suggest referring to the source for that module to find out what APIs are involved.

Jean-Paul Calderone (exarkun) said : #5

Actually, a quick skim of the Python 3.4 ssl module source suggests this is just a matter of exposing the new TLSv1_2_method (and perhaps TLSv1_1_method) APIs alongside the other methods. So should be pretty straightforward.

dipti (diptiburli21) said : #6

Hi , I have tried adding TLSv1_2_method along with existing methods , SSL.so getting generated also seems to have TLSv1_2_method , but when tried to run client.py , it still seems not to recongnise TLS1.2 method

Jean-Paul Calderone (exarkun) said : #7

Thanks for trying. I can't help you out any further unless you at least share the code you wrote in your attempt, though.

dipti (diptiburli21) said : #8

Hi ,
We have tried the following:
File1: ssl.c
:187: PyModule_AddIntConstant(module, "TLSv1_2_METHOD", ssl_TLSv1_2_METHOD);
-------

File2: context.c
;296: @param method: One of " SSLv2_METHOD_TEXT "SSLv3_METHOD, SSLv23_METHOD, or\n\
               TLSv1_2_METHOD.\n\
-------

:1209: case ssl_TLSv1_2_METHOD:
            method = TLSv1_2_method();
-------

File3: context.h

:40: #define ssl_TLSv1_2_METHOD (4)

. Anything That I have missed. here, I havent changed any crypto files.

Shilpa (heyshilps) said : #9

Can we use this Cpython patch in anyway...? http://hg.python.org/cpython/rev/02a89bd646ca
Found it on - http://bugs.python.org/issue16692

Jean-Paul Calderone (exarkun) said : #10

Please share code as a bzr branch (best) or a patch file (`bzr diff` will generate one for you). Also, further discussion on this issue would best be done on a bug report. Would you like to file one and resume the discussion there?

Shilpa (heyshilps) said : #11

Bug #1197391 created.

Can you help with this problem?

Provide an answer of your own, or ask dipti for more information if necessary.

To post a message you must log in.